Step 7: Deploy the system in Detection Mode

You can initially deploy the system in Detection Mode. In Detection Mode, the system operates with high (factory default) thresholds and does not drop any packets.

The system needs about 2 to 7 days of attack-free learning in Detection Mode to learn typical traffic patterns so it can set the initial thresholds. The length of the initial learning period depends upon the seasonality of traffic (its predictable or expected variations) and how representative of normal traffic conditions the learning period is.

Weekends alone are an insufficient learning period for businesses that have substantially different traffic during the week. Thus, it is better to start the learning period on a weekday. In most cases, 7 days is sufficient to capture the weekly seasonality in traffic.

Basic steps
  1. Go to Service Protection > Service Protection Policy and add new SPP rules by clicking Create New.
  2. Go to Service Protection > Service Protection Policy > {SPP rule} > Protection Subnets and configure the subnets.
  3. Go to Service Protection > Service Protection Policy > {SPP rule} > Service Protection Policy and ensure that the SPP rule is deployed in Detection Mode (factory default).
